cassandra-commits mailing list archives

From zzn...@apache.org
Subject [19/50] cassandra-dtest git commit: added tests for mutual auth (require_client_auth) on internode connections
Date Thu, 13 Jul 2017 00:15:30 GMT
added tests for mutual auth (require_client_auth) on internode connections


Project: http://git-wip-us.apache.org/repos/asf/cassandra-dtest/repo
Commit: http://git-wip-us.apache.org/repos/asf/cassandra-dtest/commit/8513c478
Tree: http://git-wip-us.apache.org/repos/asf/cassandra-dtest/tree/8513c478
Diff: http://git-wip-us.apache.org/repos/asf/cassandra-dtest/diff/8513c478

Branch: refs/heads/master
Commit: 8513c4784fb9b7bcf54118f0f5b173c93b62978c
Parents: 704c7b0
Author: Jason Brown <jasedbrown@gmail.com>
Authored: Thu Apr 6 06:25:34 2017 -0700
Committer: Philip Thompson <ptnapoleon@gmail.com>
Committed: Thu Apr 6 15:13:11 2017 -0400

----------------------------------------------------------------------
 sslnodetonode_test.py | 40 ++++++++++++++++++++++++++++++++++++++--
 1 file changed, 38 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/cassandra-dtest/blob/8513c478/sslnodetonode_test.py
----------------------------------------------------------------------
diff --git a/sslnodetonode_test.py b/sslnodetonode_test.py
index a2a3e41..c4a9184 100644
--- a/sslnodetonode_test.py
+++ b/sslnodetonode_test.py
@@ -10,6 +10,7 @@ from tools.decorators import since
 _LOG_ERR_SIG = "^javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
Certificate signature validation failed$"
 _LOG_ERR_IP = "^javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
No subject alternative names matching IP address [0-9.]+ found$"
 _LOG_ERR_HOST = "^javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException:
No name matching \S+ found$"
+_LOG_ERR_CERT = "^javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown$"
 
 
 @since('3.6')
@@ -56,6 +57,40 @@ class TestNodeToNodeSSLEncryption(Tester):
         self.cluster.stop()
         self.assertTrue(found)
 
+    def ssl_client_auth_required_fail_test(self):
+        """peers need to perform mutual auth (cient auth required), but do not supply the
local cert"""
+
+        credNode1 = sslkeygen.generate_credentials("127.0.0.1")
+        credNode2 = sslkeygen.generate_credentials("127.0.0.2")
+
+        self.setup_nodes(credNode1, credNode2, client_auth=True)
+
+        self.allow_log_errors = True
+        self.cluster.start(no_wait=True)
+        time.sleep(2)
+
+        found = self._grep_msg(self.node1, _LOG_ERR_CERT)
+        self.assertTrue(found)
+
+        found = self._grep_msg(self.node2, _LOG_ERR_CERT)
+        self.assertTrue(found)
+
+        self.cluster.stop()
+        self.assertTrue(found)
+
+    def ssl_client_auth_required_succeed_test(self):
+        """peers need to perform mutual auth (cient auth required), but do not supply the
loca cert"""
+
+        credNode1 = sslkeygen.generate_credentials("127.0.0.1")
+        credNode2 = sslkeygen.generate_credentials("127.0.0.2", credNode1.cakeystore, credNode1.cacert)
+        sslkeygen.import_cert(credNode1.basedir, 'ca127.0.0.2', credNode2.cacert, credNode1.cakeystore)
+        sslkeygen.import_cert(credNode2.basedir, 'ca127.0.0.1', credNode1.cacert, credNode2.cakeystore)
+
+        self.setup_nodes(credNode1, credNode2, client_auth=True)
+
+        self.cluster.start()
+        self.cql_connection(self.node1)
+
     def ca_mismatch_test(self):
         """CA mismatch should cause nodes to fail to connect"""
 
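Review bot: In `ssl_client_auth_required_fail_test` both nodes get independently generated credentials and neither CA is imported into the other's truststore, so the handshake would likely fail on ordinary peer-certificate validation and log the `certificate_unknown` alert matched by `_LOG_ERR_CERT` even if `require_client_auth` were ignored. A one-way trust setup (only one truststore importing the peer CA via `sslkeygen.import_cert`), with the assertion made on the connection whose server side demands the client certificate, would tie the failure to the new option. The fixed `time.sleep(2)` before grepping the logs is a race on slow hosts, and the final `self.assertTrue(found)` after `self.cluster.stop()` only repeats the node2 check. The docstring of `ssl_client_auth_required_succeed_test` is copied from the failing case and contradicts the test; something like `"""peers perform mutual auth (client auth required) and each trusts the other's CA"""` would match what it does. `ca_mismatch_test` continues outside the hunk.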
@@ -88,7 +123,7 @@ class TestNodeToNodeSSLEncryption(Tester):
 
         return False
 
-    def setup_nodes(self, credentials1, credentials2, endpointVerification=False):
+    def setup_nodes(self, credentials1, credentials2, endpointVerification=False, client_auth=False):
 
         cluster = self.cluster
 
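Review bot: `setup_nodes` gains a fourth parameter but still has no docstring, and `client_auth` is snake_case next to the existing camelCase `endpointVerification`. I would add a docstring such as `"""Configure the cluster's nodes with the given credentials; client_auth sets 'require_client_auth' in the encryption options."""` and settle on one naming style in the signature. The default of `False` keeps existing callers on their previous behaviour. The body of `setup_nodes` continues outside this hunk, and the new argument is consumed in the hunk that follows.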
@@ -107,7 +142,8 @@ class TestNodeToNodeSSLEncryption(Tester):
                     'keystore_password': 'cassandra',
                     'truststore': tspath,
                     'truststore_password': 'cassandra',
-                    'require_endpoint_verification': endpointVerification
+                    'require_endpoint_verification': endpointVerification,
+                    'require_client_auth': client_auth
                 }
             })
 

